﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Web.Security;
using System.Data.SqlClient;

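/// <summary>
/// Code-behind for EditMember.aspx: lets the signed-in member change their
/// password or edit their profile. The view shown is selected by the
/// <c>action</c> query-string value.
/// </summary>
public partial class EditMember : System.Web.UI.Page
{
    // Links to the two sub-views of this page; the action value is the enum member name.
    public static string LnkChangePassword = "EditMember.aspx?action=" + EClass.EAction.PasswordChange.ToString();
    public static string LnkEditProfile = "EditMember.aspx?action=" + EClass.EAction.EditProfile.ToString();

    /// <summary>
    /// Requires a signed-in session on every request, then (on the first load
    /// only) selects the view and, for the profile view, fills in the form.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // The session check runs on postbacks as well: the click handlers below
        // read the session username, so an expired session must be sent to the
        // login page before any handler runs.
        if (Session[EClass.ESession.Username.ToString()] == null)
        {
            // RawUrl carries its own '?' and '&', so it must be URL-encoded to
            // survive as a single ReturnUrl value.
            // NOTE(review): Login.aspx is not visible here; confirm it only
            // follows local ReturnUrl values.
            Response.Redirect("Login.aspx?action=" + EClass.EAction.Login.ToString() + "&ReturnUrl=" + HttpUtility.UrlEncode(Request.RawUrl));
            return;
        }

        if (IsPostBack)
        {
            return;
        }

        string action = Request.QueryString["action"];
        if (action == null)
        {
            _multiView.ActiveViewIndex = 0;
        }
        else if (action == EClass.EAction.PasswordChange.ToString())
        {
            _multiView.ActiveViewIndex = 1;
        }
        else if (action == EClass.EAction.EditProfile.ToString())
        {
            _multiView.ActiveViewIndex = 2;
            LoadProfile(Session[EClass.ESession.Username.ToString()].ToString());
        }
    }

    /// <summary>Cancel on the first view: go back to the referring page, else the home page.</summary>
    protected void _btnCancel_Click(object sender, EventArgs e)
    {
        RedirectToLocalReferrer("Homepage.aspx");
    }

    /// <summary>Cancel on the second view: go back to the referring page, else this page's default view.</summary>
    protected void _btnCancel2_Click(object sender, EventArgs e)
    {
        RedirectToLocalReferrer("EditMember.aspx");
    }

    /// <summary>
    /// Changes the member's password after the captcha and the current
    /// password have been verified.
    /// </summary>
    protected void _btnOk2_Click(object sender, EventArgs e)
    {
        // Check the captcha before doing any database work.
        if (!_captchaChangePassword.IsValid)
        {
            Response.Write("<script>alert('Mã kiểm tra chưa đúng')</script>");
            return;
        }

        // NOTE(review): unsalted MD5 through the obsolete
        // HashPasswordForStoringInConfigFile is not suitable for password
        // storage. It is kept because the stored hashes and the login check
        // live outside this file; plan a migration to a salted, slow KDF
        // (e.g. PBKDF2) across all of them together.
        string strPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(_txtPassword.Text, "MD5");
        string strNewPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(_txtNewPassword.Text, "MD5");
        string strUsername = Session[EClass.ESession.Username.ToString()].ToString();

        DataTable dt = DBClass.SelectData("SELECT password FROM users WHERE username = '" + EscapeSqlLiteral(strUsername) + "'");
        if (dt == null || dt.Rows.Count == 0)
        {
            Response.Write("<script> alert('Lỗi') </script>");
            return;
        }

        string strStoredPassword = dt.Rows[0]["password"].ToString().Trim();
        if (!strPassword.Equals(strStoredPassword))
        {
            // NOTE(review): a wrong current password is ignored without any
            // message, as before; consider telling the user.
            return;
        }

        // Parameterized so neither value can alter the statement.
        string strSQL = "UPDATE users SET password=@Password WHERE username=@UserName";
        SqlParameter[] parameters = {
                                        new SqlParameter("@Password", strNewPassword),
                                        new SqlParameter("@UserName", strUsername)
                                    };
        int noc = DBClass.Execute(strSQL, parameters);
        if (noc > 0)
        {
            Response.Redirect("Message.aspx?action=" + EClass.EAction.PasswordChange.ToString());
        }
        else
        {
            Response.Write("<script> alert('Lỗi') </script>");
        }
    }

    /// <summary>
    /// Saves the edited profile fields for the signed-in member once the
    /// captcha has been verified.
    /// </summary>
    protected void _btnOk3_Click(object sender, EventArgs e)
    {
        int nor;
        try
        {
            if (!_captchaInfo.IsValid)
            {
                Response.Write("<script>alert('Mã kiểm tra chưa đúng')</script>");
                return;
            }

            string username = Session[EClass.ESession.Username.ToString()].ToString();

            string fullname = _txtFullName.Text;
            string sex = (_radSex.SelectedIndex == 0 ? "Male" : "Female");
            // NOTE(review): ToShortDateString() is culture-dependent; confirm the
            // BirthDay column accepts this format on the server's culture.
            string birthday = _datBirthday.Date.ToShortDateString();
            string address = _txtAddress.Text;
            string idno = _txtIDNo.Text;
            string phone = _txtPhoneNo.Text;

            // The parameter name's casing matches the SqlParameter below so the
            // statement also works under a case-sensitive collation.
            string strSQL = @"UPDATE users SET FullName=@FullName, Sex=@Sex, BirthDay=@BirthDay, ID_Num=@ID_Num, Address=@Address, Phone=@Phone WHERE username=@UserName";
            SqlParameter[] parameters = {
                                            new SqlParameter("@UserName", username),
                                            new SqlParameter("@FullName", fullname),
                                            new SqlParameter("@Sex", sex),
                                            new SqlParameter("@BirthDay", birthday),
                                            new SqlParameter("@ID_Num", idno),
                                            new SqlParameter("@Address", address),
                                            new SqlParameter("@Phone", phone)
                                        };
            nor = DBClass.Execute(strSQL, parameters);
        }
        catch (Exception ex)
        {
            // Keep the details server-side: exception text can expose SQL and
            // stack traces, and may contain quotes or markup that would break
            // out of the script block if echoed into the page.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            Response.Write("<script>alert('Lỗi')</script>");
            return;
        }

        // The redirect sits outside the try block: Response.Redirect ends the
        // request with a ThreadAbortException, which the catch above would
        // otherwise report as an error.
        if (nor > 0)
        {
            Response.Redirect("Message.aspx?action=" + EClass.EAction.EditProfile.ToString());
        }
        else
        {
            Response.Write("<script>alert('Lỗi')</script>");
        }
    }

    /// <summary>Fills the profile form from the member's row in the users table.</summary>
    /// <param name="username">The signed-in member's username, taken from the session.</param>
    private void LoadProfile(string username)
    {
        DataTable dt = DBClass.SelectData("SELECT * FROM users WHERE username ='" + EscapeSqlLiteral(username) + "'");
        if (dt == null || dt.Rows.Count == 0)
        {
            // No matching row (e.g. the account was removed): report the error
            // instead of failing on Rows[0].
            Response.Write("<script>alert('Lỗi')</script>");
            return;
        }

        DataRow row = dt.Rows[0];

        // Encoded because these values originate from user registration.
        // NOTE(review): assumes _lblUsername/_lblEmail are Label controls, which
        // render Text without HTML encoding - confirm against the .aspx markup.
        _lblUsername.Text = HttpUtility.HtmlEncode(row["username"].ToString());
        _lblEmail.Text = HttpUtility.HtmlEncode(row["email"].ToString());
        _txtIDNo.Text = row["ID_Num"].ToString();
        _txtFullName.Text = row["Fullname"].ToString();

        // The stored value is "Male" or "Female" (see _btnOk3_Click). The previous
        // ToUpper().Equals("male") test could never match, so "Female" was always
        // selected.
        bool isMale = string.Equals(row["Sex"].ToString().Trim(), "male", StringComparison.OrdinalIgnoreCase);
        _radSex.SelectedIndex = isMale ? 0 : 1;

        _datBirthday.Value = row["birthday"].ToString();
        _txtAddress.Text = row["Address"].ToString();
        _txtPhoneNo.Text = row["Phone"].ToString();
    }

    /// <summary>
    /// Redirects to the referring page when it is on this site, otherwise to
    /// <paramref name="fallbackUrl"/>.
    /// </summary>
    /// <param name="fallbackUrl">Local page to use when there is no usable referrer.</param>
    private void RedirectToLocalReferrer(string fallbackUrl)
    {
        // The Referer header is optional and client-controlled: it may be absent,
        // malformed, or name another site, so it is only followed when it is an
        // http(s) URL on the host serving this request.
        Uri referrer = null;
        try
        {
            referrer = Request.UrlReferrer;
        }
        catch (UriFormatException)
        {
            // Unparseable Referer header: treat it as absent.
        }

        bool isLocal = referrer != null
            && referrer.IsAbsoluteUri
            && (referrer.Scheme == Uri.UriSchemeHttp || referrer.Scheme == Uri.UriSchemeHttps)
            && string.Equals(referrer.Host, Request.Url.Host, StringComparison.OrdinalIgnoreCase);

        Response.Redirect(isLocal ? referrer.AbsoluteUri : fallbackUrl);
    }

    /// <summary>
    /// Doubles single quotes so <paramref name="value"/> cannot terminate the
    /// SQL string literal it is placed in.
    /// </summary>
    /// <remarks>
    /// Stop-gap only. NOTE(review): only DBClass.Execute is seen taking
    /// SqlParameter[] in this file; if DBClass.SelectData has, or can be given,
    /// a parameterized overload, use that and delete this helper.
    /// </remarks>
    private static string EscapeSqlLiteral(string value)
    {
        return value.Replace("'", "''");
    }
}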
